General

  • Target

    137a3eaa6f4f03f22e1cdae233dbf15861d659cc

  • Size

    462KB

  • Sample

    230111-pv6ljsfh9s

  • MD5

    cc9076a6bd489b43111476ac1dafc23e

  • SHA1

    137a3eaa6f4f03f22e1cdae233dbf15861d659cc

  • SHA256

    f2d560f960b4ab660621fef4d25d6b83b27da3deb53c1b0159c8abbc935a0ce4

  • SHA512

    93619489deaa391e8916503ebe68b86cc6d4d1cdcafe3bdd10707eaaba34c17fb3218fe3a8efbe8d3589a7d7249f6d68afb46d2a1d38d1e5e10052965e5b61c4

  • SSDEEP

    6144:qYa6DH51gRlSJfbv/2cAXHJGax96abkP0sHBGopCj531OIB7gSLt/HQ7bN:qYJZVJfiDZjMaby5hl23rsEt/HuJ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      137a3eaa6f4f03f22e1cdae233dbf15861d659cc

    • Size

      462KB

    • MD5

      cc9076a6bd489b43111476ac1dafc23e

    • SHA1

      137a3eaa6f4f03f22e1cdae233dbf15861d659cc

    • SHA256

      f2d560f960b4ab660621fef4d25d6b83b27da3deb53c1b0159c8abbc935a0ce4

    • SHA512

      93619489deaa391e8916503ebe68b86cc6d4d1cdcafe3bdd10707eaaba34c17fb3218fe3a8efbe8d3589a7d7249f6d68afb46d2a1d38d1e5e10052965e5b61c4

    • SSDEEP

      6144:qYa6DH51gRlSJfbv/2cAXHJGax96abkP0sHBGopCj531OIB7gSLt/HQ7bN:qYJZVJfiDZjMaby5hl23rsEt/HuJ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks